Key Points
- In the direct sense, the breach resulted from the use of stolen employee credentials
- The employee credentials were stolen via an attack on a vendor where these credentials were used
- The credentials enabled the attacks to steal personal information from Latitude service providers
- The breach highlights the importance of cybersecurity supply chain risk management (C-SCRM)
It's not enough today for businesses to secure their own systems, because every business relies on a network of vendors, service providers, and accounts. All must be secured.
Quick Read
In mid-March 2023, Australian financial service provider Latitude Financial Services revealed that a data breach had impacted over 300,000 customer data records.
The breach originated with an attack on a vendor, in which several employees' credentials were stolen. These credentials were then used to access several Latitude service providers where customer data was stored.
By late march, the company reveled that actually some 14 million customer data records had been affected, representing a breach of a significantly larger scale than had first been reported. Affected data includes driver's license numbers, passport numbers, and the personal information of loan applicants.
The fact that the breach didn't directly originate with Latitude, but rather occurred through attacks on vendors and service providers using stolen credentials, highlights both the importance of cybersecurity supply chain risk management (C-SCRM) and good account and password hygiene for employees.
Thanks for reaching out! A Plurilock representative will contact you shortly.
What Plurilock Offers
More to Know
Your Security Depends on Your Vendor and Service Provider Security
Understanding the security postures of vendors and service providers is every bit as important as securing your own business in today's world. Your security is only as good as theirs is.
